Newbie BGP Questions

Discussion in 'Cisco' started by Bob Simon, May 17, 2005.

  1. Bob Simon

    Bob Simon Guest

    Cox Communications provides us high speed Internet access via an
    Ethernet interface in our router. Although this interface always
    stays up, we lose Internet access several times a year for several
    hours at a time. In order to avoid this, we ordered a T1 frame relay
    circuit from UUNet, which will be installed next week. A T1 can only
    carry a fraction of our traffic so we expect response time will be
    poor when the Cox network isn't working. Therefore, we only want to
    use the UUNet T1 when it's the only path available. Obviously, I also
    want return packets to usually take the Cox path unless my router is
    not reachable that way, in which case they should take the UUNet path.

    1) Will the following code achieve these goals?

    router bgp 11244
     no synchronization
     network xx.248.12.0 mask 255.255.254.0
     ! Cox
     neighbor xx.248.12.1 remote-as 22520
     neighbor xx.248.12.1 weight 100
     ! UUNet
     neighbor 157.130.138.245 remote-as 701
     neighbor 157.130.138.245 route-map mypath out
    !
    route-map mypath
     set as-path prepend 11244

    2) I would like to only store the routes to my two upstream neighbors
    in the BGP route table and have BGP install a default route (or
    functional equivalent) that will change as needed into the IP routing
    table. Is this possible?

    3) Cox assigned us our /23 address space, which is just a tiny piece
    of their block. Will they stop advertising our network if something
    in their network gets broken beyond my neighbor router? How does this
    work and how will my router know to start sending packets out the
    UUNet path? How long does convergence typically take?


    --
    Bob Simon
    remove both "x"s from domain for private replies
     
    Bob Simon, May 17, 2005
    #1

  2. Bob Simon

    Guest

    Hi Bob,

    To confirm what you said, you want COX as your primary and want UUNET
    as your backup. The easiest way to do this would be to run communities
    with UUNET - on your outbound announcement, you create a route-map that
    matches a community that lowers the pref within UU's network. This
    will ensure they don't propagate the route upwards at all and will
    ensure that any traffic originating from UUNET won't come across the T1
    you have with them, rather it will traverse the Internet. Then, for
    inbound traffic, just lower the local-pref with a route-map from
    anything learned from UUNET. This will ensure symmetrical routing.

    For example:

    route-map UUnet-out permit 10
    set community 701:xxx

    Then, you can also create a route-map inbound for UUnet to lower pref
    for anything you receive from them inbound:

    route-map UUnet-in permit 10
    set local-preference 90

    Once you have both route-maps defined, you can apply that to your
    neighbor peer-group:

    conf t
    ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
    ip prefix-list AS11244-net seq 5 permit xx.248.12.0/23
    !
    router bgp 11244
    no synchronization
    bgp log-neighbor-changes
    no auto-summary
    neighbor UUNET peer-group
    neighbor UUNET remote-as 701
    neighbor UUNET send-community
    neighbor UUNET desc ** UUnet Peer (Backup) **
    neighbor UUNET prefix-list DEFAULT-ROUTE in
    neighbor UUNET prefix-list AS11244-net out
    neighbor UUNET route-map UUnet-in in
    neighbor UUNET route-map UUnet-out out
    !
    neighbor 157.130.138.245 peer-group UUNET


    That should pretty much cover it... this will do the following:

    1) Only permit a default-route from UUNET (and you'll filter
    everything else)

    2) Only announce your netblock upwards to them (you'll filter
    everything else)

    3) You tag your outbound so UU receives it with a lower pref (anything
    less than 100)

    4) You take your inbound from UU so that it's less preferred

    All UUNET will need to do is (1) permit your prefix, (2) send you only
    a default route, (3) run communities with you.

    Using AS numbers will work, but it may not give you the desired results
    as sometimes you have to add/remove AS#'s to your announcements. One
    last thing to consider is that you may want to just get internal routes
    from one peer and a default from the other so that you can use both
    lines actively. This is more involved but it's another option.

    Good luck!

    -Vikas
     
    , May 17, 2005
    #2
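
A check for the filtering described in points 1 and 2 of the reply above, as an added example that is not part of the original posts or any Cisco tool: it reads an IOS-style config, resolves peer-group inheritance, and reports eBGP neighbors that lack a defined prefix-list inbound or outbound. The function name `audit_bgp_filters` and the sample text are assumptions; the sample combines the UUNET peer-group lines from the reply with the two Cox neighbor lines from the first post.

```python
import re

# Constructed sample: the UUNET peer-group lines from the reply above plus
# the two Cox neighbor lines from the first post (addresses as posted).
SAMPLE = """\
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ip prefix-list AS11244-net seq 5 permit xx.248.12.0/23
router bgp 11244
 neighbor UUNET peer-group
 neighbor UUNET remote-as 701
 neighbor UUNET prefix-list DEFAULT-ROUTE in
 neighbor UUNET prefix-list AS11244-net out
 neighbor 157.130.138.245 peer-group UUNET
 neighbor xx.248.12.1 remote-as 22520
 neighbor xx.248.12.1 weight 100
"""

def audit_bgp_filters(config):
    """Hypothetical helper: {neighbor: [directions with no defined prefix-list]}."""
    defined = set(re.findall(r"^ip prefix-list (\S+) ", config, re.M))
    local_as = re.search(r"^router bgp (\d+)", config, re.M).group(1)
    groups, member_of, attrs = set(), {}, {}
    for m in re.finditer(r"^\s*neighbor (\S+) (.+)$", config, re.M):
        name, words = m.group(1), m.group(2).split()
        a = attrs.setdefault(name, {})
        if words == ["peer-group"]:
            groups.add(name)                  # line declares a peer-group
        elif words[0] == "peer-group":
            member_of[name] = words[1]        # neighbor joins a peer-group
        elif words[0] == "remote-as":
            a["remote-as"] = words[1]
        elif words[0] == "prefix-list" and len(words) == 3:
            a[words[2]] = words[1]            # direction -> prefix-list name
    findings = {}
    for name in attrs:
        if name in groups:
            continue
        # A member inherits every setting it does not override from its group.
        eff = {**attrs.get(member_of.get(name), {}), **attrs[name]}
        if eff.get("remote-as") in (None, local_as):
            continue                          # no AS known or iBGP: skip
        # A referenced but undefined prefix-list counts as missing too.
        missing = [d for d in ("in", "out") if eff.get(d) not in defined]
        if missing:
            findings[name] = missing
    return findings

if __name__ == "__main__":
    print(audit_bgp_filters(SAMPLE))
```

The UUNET neighbor passes because it inherits both prefix-lists from the peer-group; the Cox neighbor is reported for both directions because its two lines apply no prefix-list.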

  3. Bob Simon

    Bob Simon Guest

    Vikas,
    Thanks for your generous reply but I am having some trouble with
    several points you made. I would very much appreciate your giving me
    a bit more help with this.

    1) You said that I should "run communities with UUNET." Does this
    mean that I coordinate with UUNet and ask them to create community
    701:xxx, then I reference it in my outbound route-map? Or is it my
    job to define this community?

    2) After your example config you identified what it accomplishes. You
    said, "3) You tag your outbound so UU receives it with a lower pref
    (anything less than 100)". Which statement lowers the preference of
    the UUNet outbound path?

    3) Your config included no statements for the Cox neighbor router. I
    presume I need the following additional commands. Is this correct?
    neighbor xx.248.12.1 remote-as 22520
    neighbor xx.248.12.1 weight 100

    Thanks again!

    Bob

    On 17 May 2005 14:48:43 -0700, wrote:

    >Hi Bob,
    >
    >To confirm what you said, you want COX as your primary and want UUNET
    >as your backup. The easiest way to do this would be to run communities
    >with UUNET - on your outbound announcement, you create a route-map that
    >matches a community that lowers the pref within UU's network. This
    >will ensure they don't propagate the route upwards at all and will
    >ensure that any traffic originating from UUNET won't come across the T1
    >you have with them, rather it will traverse the Internet. Then, for
    >inbound traffic, just lower the local-pref with a route-map from
    >anything learned from UUNET. This will ensure symmetrical routing.
    >
    >For example:
    >
    >route-map UUnet-out permit 10
    > set community 701:xxx
    >
    >Then, you can also create a route-map inbound for UUnet to lower pref
    >for anything you receive from them inbound:
    >
    >route-map UUnet-in permit 10
    > set local-preference 90
    >
    >Once you have both route-maps defined, you can apply that to your
    >neighbor peer-group:
    >
    >conf t
    >ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
    >ip prefix-list AS11244-net seq 5 permit xx.248.12.0/23
    >!
    >router bgp 11244
    >no synchronization
    >bgp log-neighbor-changes
    >no auto-summary
    >neighbor UUNET peer-group
    >neighbor UUNET remote-as 701
    >neighbor UUNET send-community
    >neighbor UUNET desc ** UUnet Peer (Backup) **
    >neighbor UUNET prefix-list DEFAULT-ROUTE in
    >neighbor UUNET prefix-list AS11244-net out
    >neighbor UUNET route-map UUnet-in in
    >neighbor UUNET route-map UUnet-out out
    >!
    >neighbor 157.130.138.245 peer-group UUNET
    >
    >
    >That should pretty much cover it... this will do the following:
    >
    >1) Only permit a default-route from UUNET (and you'll filter
    >everything else)
    >
    >2) Only announce your netblock upwards to them (you'll filter
    >everything else)
    >
    >3) You tag your outbound so UU receives it with a lower pref (anything
    >less than 100)
    >
    >4) You take your inbound from UU so that it's less preferred
    >
    >All UUNET will need to do is (1) permit your prefix, (2) send you only
    >a default route, (3) run communities with you.
    >
    >Using AS numbers will work, but it may not give you the desired results
    >as sometimes you have to add/remove AS#'s to your announcements. One
    >last thing to consider is that you may want to just get internal routes
    >from one peer and a default from the other so that you can use both
    >lines actively. This is more involved but it's another option.
    >
    >Good luck!
    >
    >-Vikas




    --
    Bob Simon
    remove both "x"s from domain for private replies
     
    Bob Simon, May 19, 2005
    #3